More than 113,000 Patients of Brandywine Urology Consultants Ransomware Attack

Delaware-based Brandywine Urology Consultants has made public that it suffered a ransomware attack on January 25, 2020 that lead to the encryption of files on its servers and computers. The scope of the attack was limited and the practice’s electronic medical record system was not impacted. No medical records were exposed or infiltrated during the attack.

The practice moved quickly and took steps to isolate the attack and reduce the harm inflicted. After securing its systems, a thorough scan was performed to ensure no malicious software or code remained and it was determined that the attack had been completely neutralized.

A third-party security company was brought in to thoroughly investigate the attack and determine whether the attackers had obtained access to or stole patient information. While many ransomware gangs carry out manual attacks and steal data prior to using their ransomware payload, the investigation suggests this was an automated attack that was conducted with the only aim of encrypting files to extort money from the practice.

The investigation into the attack is not finished but, to date, no evidence of unauthorized data access or data theft has been located; however, it was not possible to rule out unauthorized data access so notification letters are now being shared to all patients whose protected health information was kept on parts of the system that were compromised in the attack.

The substitute breach notice made available publicly on the Brandywine Urology Consultants website, the types of information that may have been compromised included names, addresses, Social Security numbers, medical file numbers, claims data, and over financial and personal data.

The IT security firm and the practice have been looking over security protections, policies, and procedures and steps have been taken to bolster security to ensure the integrity of its systems and prevent future data breaches. The central server used by the practice has been replaced and any computers harmed in the attack have either been reimaged or replaced. Antivirus software has been updated and penetration tests are being carried out to identify any other areas where security needs to be enhanced.

The breach summary on the HHS’ Office for Civil Rights breach portal states that as many as 131,825 patients were potentially targeted in the attack.